Forum Discussion

MatthewStyles_3's avatar
MatthewStyles_3
Icon for Nimbostratus rankNimbostratus
Mar 04, 2017

Anti-virus Scanning on non-ICAP server

Hi! This is my first post so please be gentle!

 

We have an F5 (12.1.2) with both LTM and ASM licensed and we are looking at using it to pass traffic to an external anti-Virus server. Unfortunately the Anti-virus server in question does not support ICAP. (It is actually a firewall that does AV scanning!)

 

The setup we have is as follows: Users upload content to our HTTPS website and are given the option to upload a file if they choose. The F5 is desired to decrypt the HTTPS traffic and then send it to a Anti-virus server which will then check the content for viruses and return the traffic back to the F5 to then send it to a further server pool.

 

We can decrypt the traffic easy enough, but what I am looking for is:

 

Is it possible for an iRule to inspect the traffic and send the file attachment to the anti-virus server if a file is found as well as allowing it straight to the server pool if there is no file attached?

 

We can of course utilise ASM, but my understanding from F5 is that the inbuilt AV options won't work/aren't supported with a non-ICAP AV server.

 

Any help would be gratefully received!

 

Matt